About GS Tracker
GS Tracker is a real-time precious metals dashboard that displays live spot prices for gold, silver, platinum and palladium — with a zero-knowledge encrypted portfolio tracker built in.
Frequently Asked Questions
What is GS Tracker?
GS Tracker is a personal precious metals portfolio tracker and live price dashboard. Spot prices for XAU/USD (gold), XAG/USD (silver), XPT/USD (platinum) and XPD/USD (palladium) update every 30 seconds from live market data.
Where do the prices come from?
Prices are sourced from metals.live, which aggregates live spot prices from global commodity markets. Data refreshes every 30 seconds. Prices are for informational purposes only and may vary from dealer prices by a small premium.
Why AES-256-GCM encryption for my portfolio?
Your portfolio data — how many grams or troy ounces of each metal you hold — is sensitive financial information. GS Tracker encrypts this data in your browser using AES-256-GCM before it is ever stored or transmitted. This is the same encryption standard used by Bitwarden, ProtonDrive, and other zero-knowledge applications.
The encryption key is derived from your password using PBKDF2 (100,000 iterations, SHA-256). The key never leaves your device — we cannot access your holdings data even if we wanted to.
Do you store my data?
Portfolio data is encrypted in your browser and stored only in your browser's local storage. Nothing is sent to our servers. If you clear your browser storage, your portfolio data will be lost — we have no copy of it.
What is the /api/feed endpoint?
/api/feed is a Server-Sent Events (SSE) stream that delivers live spot price ticks in real-time. It is used internally by the dashboard to keep prices current without full page reloads. The feed emits a small JSON payload every 5–10 seconds containing the latest gold and silver spot prices.
Example tick:
data: {"t":1775291815,"xau":3245.20,"xag":32.4100,"c":"USD"}Is GS Tracker free to use?
Yes. GS Tracker is free. There are no subscriptions, no accounts required for viewing prices, and no data collection. The portfolio feature requires signing in, which uses a single-factor password with PBKDF2 hashing — your password is never stored or transmitted in plain text.
What data does GS Tracker collect?
GS Tracker does not collect any personal data. No analytics, no cookies beyond the authentication session cookie (HttpOnly, Secure, SameSite=Strict), and no third-party trackers. The authentication cookie contains only a signed session token — no personal information.
Security Architecture
AES-256-GCM Encryption
Portfolio data is encrypted client-side before storage. The ciphertext is what gets saved — never plaintext.
PBKDF2 Key Derivation
100,000 iterations with SHA-256. Brute-force attacks are computationally infeasible.
Zero-Knowledge Architecture
Encryption keys are derived from your password in the browser and never transmitted. We have zero access to your data.
Secure Session Cookie
HttpOnly, Secure, SameSite=Strict. HMAC-signed. Cannot be read by JavaScript or sent cross-site.
Rate Limiting
Sign-in attempts are rate-limited per IP to prevent brute-force attacks against the authentication endpoint.
Ready to track your holdings?